The current effort will only allow for ipv6 objects (route6/inet6num).
s/allow for/add support for/ i hope
We are using the same code that RIPE is using at http://certtest.ripe.net. RIPE has been very kind to allow us to use their code. As for ARIN, this is a pilot and is certainly not a final fixed-feature set. The first go of this is the "hosted" solution where an ISP can come into ARIN's pilot and create ROAs based off of allocations that they have received from ARIN.
All the ROAs will be placed into a rsync repository that can be retrieved and validated. Specifically, here are the features that are a part of the system:
* Enables ARIN resource holders to request certificates for their IPv4 and IPv6 Provider Aggregatable (PA) resources * Enables ARIN resource holders to manage Route Origin Authorizations (ROAs) for their PA address space * Provides a public repository of certificates and ROAs * Handles key rollovers and revocations
the simple version of the question: who holds my private key(s)? the longer version: does this implement my having my own subsidiary CA with it communiciating with ARIN's and RIPE's ... using the protocols of the ietf sidr work? randy